php - Twitter OAuth Identification
So I am trying to let my customers login in with Twitter, and just twitter.
Twitter says "You should never store a password for your users again", but how am I going to reauthenticate my users with twitters API?
If I resend the user to twitter after they have deleted their session, twitter asks the user again if they want to give acces to my application.
Is it at all possible to have seamless intergration with twitter accounts without ever storing local user data?
It seems that the question is not extremely clear. What I have experienced using for example http://forum.jquery.com/. They use OpenID. I click "Login with google". I get redirected to google. Google remebers I gave acces to Zoho once and instantly sends me back to forums.jquery.com, this time with an access_token for zoho to authenticate me with. I have no persistent data with Zoho. Yet they can log me in.
What twitter with OAuth does is the following. A user comes to my site, they click "Login with twitter" and get redirected to twitter. Twitter asks them again whether they want to give the application access to their data. Instead of the immediate redirect google does.
Is it possible for twitter to immediatly redirect the user to me. Is there a setting for me I am overlooking.
Send users to https://api.twitter.com/oauth/authenticate instead of https://api.twitter.com/oauth/authorize. If the user is already signed into Twitter and has previously authenticated with your app they will be redirected without seeing an allow/deny prompt.
What you store from Twitter are the user's TOKEN and user's SECRET. Those values are issued by Twitter (or any oauth provider) when you are in the process of oauth authentication.
You can get the idea using this library in PHP:
Or this one in Ruby:
The process is quite straightforward once you tried with any real example. It is not difficult at all.
There are also some nice screencasts here:
Have you actually read the API?
Read the getting started page, you don't store passwords you store access tokens for the user. And if you want people to log in and register your going to have to store some data ;-)
I had this problem exactly and solved it using setAuthorizedUrl method - for more details see here http://www.evilprofessor.co.uk/359-sign-in-with-twitter-using-zend-framework/
This tutorials might Helpful for you.
Twitter API connect using oAuth
Cristian comment is what I was looking for.
Shame that twitter doesn't recognize that the users have already allowed my app and redirects automatically